Antivirus/Malware: Correctly install and configure antivirus or malware protection software and install updates as soon as they are available.

Access control: Limit access to sensitive information on a need-to-know basis. Make sure databases are not exposed to the internet. Place them behind a firewall and allow connections only from trusted IPs.

Test applications: Test applications that connect to the database to ensure that SQL injection is not possible and that application-based queries are bound to specific user roles to prevent data leakage.

Enable remote wipe functionality: Enable remote wipe functionality for mobile devices. If a device is ever lost or stolen, you can clear it of any personal data remotely. If your business allows a Bring Your Own Device policy, require user acceptance of corporate control and monitoring.
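The check described under "Test applications" can be automated. The following is an added example, not code from the original page: it runs the same inputs through a string-concatenated query and a parameter-bound query and reports which inputs return rows outside the caller's role. The table layout, function names and sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: every row belongs to exactly one role.
ROWS = [(1, "alice", "sales", "Q3 forecast"),
        (2, "bob", "hr", "salary bands"),
        (3, "carol", "sales", "client list")]

# Constructed test inputs: an ordinary name and two strings with SQL metacharacters.
PROBES = ["alice", "x' OR '1'='1", "x' OR role = 'hr"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER, owner TEXT, role TEXT, body TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", ROWS)
    return db

def lookup_concat(db, role, owner):
    # Weak form: caller input is spliced into the SQL text.
    sql = f"SELECT id FROM records WHERE role = '{role}' AND owner = '{owner}'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, role, owner):
    # Hardened form: input travels as bound parameters, so the role filter always holds.
    sql = "SELECT id FROM records WHERE role = ? AND owner = ?"
    return [row[0] for row in db.execute(sql, (role, owner))]

def leaks(lookup, role="sales"):
    """Return the probes for which lookup exposes a row outside the caller's role."""
    allowed = {r[0] for r in ROWS if r[2] == role}
    flagged = []
    for probe in PROBES:
        db = make_db()
        try:
            ids = set(lookup(db, role, probe))
        except sqlite3.Error:
            flagged.append(probe)  # input reached the SQL parser
            continue
        finally:
            db.close()
        if not ids <= allowed:
            flagged.append(probe)
    return flagged

if __name__ == "__main__":
    print("concatenated query leaks on:", leaks(lookup_concat))
    print("bound query leaks on:", leaks(lookup_bound))
```

A check like this belongs in the application's regular test suite, so a query that stops using bound parameters fails the build.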

Strong password policies

An essential prerequisite of securing a database is to require a unique user ID and password to gain access to company information systems, including laptops, smartphones, networks, and accounts. Below are some restrictions you should consider:

Avoid using shared accounts and change default passwords.

Enforce password complexity, length and expiration policies.

Require at least eight characters.

Require a combination of uppercase and lowercase letters with at least one special character (!, &, ?).